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IMPROVEMENTS IN AND RELATING TO ELECTRONIC 



SECURITY DEVICES 



Field of the Invention 



5 



The present invention relates to electronic security 
devices and to methods of operation of electronic devices. 

Background to the Invention 



Despite the growing proliferation of computer hardware 
and software, there are still serious problems associated 
with the security of both of them . Many new problems have 
arisen and others have become exacerbated as computers have 
15 become progressively more portable. One such particular 
problem is the security of devices themselves against 
theft. 



20 embodiments thereof, electronic security devices that 
address at least some of the problems of the prior art. 

Symmetry pf frhg yjcrygnfrjoa 



there is provided an electronic security device comprising 
means for receiving and output t ing s ignal s when in an 
authorised -use s t tate , a real time clock for determining 
whether a predetermined real time period has expired and, 
30 if so, seeking an authorisation, means for verifying the 
authorisation, and means for configuring the device into an 
unauthorised use state in the event that a correct 
authorisation is not received in time. 



10 



The present invention aims to provide in preferred 



25 



According to the present invention in a first aspect, 
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This device provides time -limited security based on a 
real time measure, not based on the last use of the device. 

5 Suitably, the device is adapted to receive encrypted 

authorisation codes. 

Suitably, when in an unauthorised use state the device 
received input signals, encrypts them and outputs the 
10 encrypted signals. 



15 



Suitably, the device comprises means whereby when in an 
unauthorised use state, the device reduces the frequency at 
which inputs are transmitted to an input receiver. 



Suitably, the device includes means for generating a 
random (which expression includes pseudo- random) number and 
means for encrypting the random number. Suitably, the 
device includes means for performing a predetermined 
20 mathematical operation on the random number. Suitably, the 
device includes means for encrypting and decrypting data. 
Suitably, the encryption is according to a public key 
algorithm. 

25 Suitably, the device additionally comprises a means for 

periodically checking the real time clock against a 
predetermined time period. Suitably, the periodic checking 
means comprises a counter which upon reaching a 
predetermined number initiates the check and means for re- 

30 setting the counter. 

Suitably, the device comprises a dedicated power 
supply. Suitably, the device is embodied in a plug-in 
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module, which plug in module suitably comprises a power 
source such as a battery. 

According to the present invention in a second aspect, 
5 there is provided an electronic apparatus comprising a 
security device according to the first aspect of the 
invention. 

Suitably, the security device is located between an 
electronic output device and an electronic input device. 
The output device may, for instance, be a keyboard or a 
modem. The input device may be a central processing unit, 
memory unit, video card etc. Suitably, when in an 
unauthorised use state the device reduces the frequency at 
which key presses are transmitted to or within the 
electronic apparatus. 

According to the present invention in a third aspect, 
there is provided a digital electronic computer comprising 
a security device according to the first aspect of the 
invention. 

According to the present invention in a fourth aspect, 
there is provided a method of operating an electronic 
device comprising a security device which receives output 
signals when in an authorised use A state , the method 
comprising the steps of using a real time clock to 
determine whether a predetermined real time period has 
expired and, if so, seeking an authorisation, checking 
whether the authorisation is acceptable and configuring the 
device in an unauthorised use state in the event that a 
correct authorisation is not received in time. 
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Suitably, the authorisation code is encrypted. 

Suitably, when in an unauthorised use state the device 
receives input signals, encrypts them and outputs the 
encrypted signals. 

Suitably, when in an unauthorised use state, the device 
reduces the frequency at which inputs are transmitted to an 
input receiver. 

Suitably, the device generates a random (which 
expression includes pseudo- random) number and encrypts the 
random number. Suitably, the device performs a 

predetermined mathematical operation on the random number. 
Suitably, the device encrypts and decrypts data. Suitably, 
the encryption is according to a public key algorithm. 

Suitably the encrypted number is transmitted to a 
verification station which verification station decrypts 
the encrypted number and verifies it against a number 
previously supplied to the electronic device. 

According to the present invention in a fifth aspect, 
there is provided an electronic system adapted and 
configured to operate according to the method of the fourth 
aspect of the invention. 

Brief Descripti on of the Figures 

The present invention will now be described, by way of 
example only, with reference to the Figures that follow; in 
which: 
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Figure 1 is a schematic illustration of an electronic 
data processing apparatus embodying the present invention . 

Figures 2A-2C are flow diagrams illustrating a mode of 
5 operation of the Figure 1 apparatus according to the 
present invention. 

Figures 3A-3E are flow diagrams illustrating more 
detail of a mode of operation of the Figure 1 apparatus 
10 according to the present invention. 

Description of the Preferre d Embodiments 

In one preferred embodiment of the present invention, 
15 there is provided an electronic data processing apparatus, 
typically a personal computer ("PC") 2. The PC 2 receives 
input signals from peripheral input devices (eg keyboard, 
data socket (modem) , pen, voice recognition microphone 
etc). The PC 2 includes a keyboard 4 having an associated 
20 keyboard controller 6 and a bus 8 forming an input channel. 

A security device 10 is located between the keyboard 
controller 6 and the bus 8. The device is shown 
schematically in the control line, but normally it will be 
25 located elsewhere, for instance in the body of the PC 2 or 
keyboard itself. It needs to be in a vital location so 
that when inactive it renders the equipment it is in 
/useless or at least incapacitates it to some extent. The 
security device 10 has the following characteristics. 

30 

(i) It includes a real-time clock powered by an 

internal power- supply . 
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(ii) It includes a fast and reversible (symmetric) 

encryption/decryption algorithm such as DES or T- 
code (in ROM - read only memory) . 

It: h as a slower but more secure (asymmetric) 
public key encryption/ decryption algorithm having 
an associated public key (in ROM) . Although 
referred to as a public key, it will not normally 
be disclosed. 

(iv) It has a volatile memory Random Access Memory 
(RAM) including authorisation codes or an 
algorithm therefor, or pre -stored password and 
means for checking whether an input password or 
code matches such an authorisation code or 
password . The RAM is maintained by the power 
supply. 

(v) it has the capacity to perform predetermined 
mathematical operations (eg in a Z80 processor) . 



The security device 10 is embodied in a silicon device 
including a microprocessor (eg a Z80) , read only memory, 
random access memory and a power source such as a battery 
to provide constant power for the real-time clock. If the 
power source for the real-time clock is removed the 
security device 10 will become deactivated. At the 
manufacturing stage the security device 10 is provided with 
a uniques* serial number to differentiate it from other 
corresponding devices, for instance in ROM, EPROM etc. 
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Generally, the security device 10 is activated by an 
activation code. The activation code is provided to the 
security device 10 encoded using a public key algorithm for 
high security. If the activation code is not provided on 
demand the security device 10 will enter an unauthorised 
use state. The security device 10 is configured so that 
upon receipt of the correct activation code it is activated 
for authorised use for a period of time determined 
according to the activation code, according to the in-built 
real-time clock. The period of time can be varied based 
upon the activation code received. While activated, the 
security device 12 transmits received signals unaltered. 
When not activated it is in the unauthorised use state and 
encrypts signals passing therethrough or delays keyboard 
input strikes. Thus, while in the unauthorised use state 
the PC 2 cannot understand the output of keyboard 8 . 

When the predetermined period of operation expires, the 
security device 10 requests a further activation code for 
the next period. When requesting a further activation 
code, the security device 10 identifies itself. The 
activation code is requested by the user from a central 
database. The central database checks to determine if a 
further activation can be approved, for instance it may 
check to determine whether the device has been reported 
stolen, rental fees due have been paid etc. If further 
activation is authorised, the database encrypts the 
activation code tor the next period using the particular 
security device's public key which is entered into the 
security device 10. The encrypted activation code normally 
is provided via electronic means directly to the security 
device 10, for instance directly by modem or over the 
internet, but can also be entered manually by the user, via 
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a disk or by local infra red transmitter. Upon receipt of 
the encrypted activation code, the security device 10 
decrypts it and checks it against its pre- stored codes to 
determine the further predetermined period for which it is 
to be activated before requiring a further activation code. 

Further security can be provided by an additional step 
of the security device 10 creating a random number which is 
encrypted according to the particular security devices 
public key. The encrypted random number is transmitted to 
the database centre (by whatever method) . The database 
centre decrypts the random number, performs a predetermined 
mathematical calculation upon it (this could be as simple 
as to multiply by two or to XOR it with a key) and encrypts 
the new value with a public key provided (or its own public 
key) by the centre and sends it back to the security device 
10. The security device upon receipt of the information, 
decrypts it using the relevant public key and compares the 
figures (after reversing the predetermined calculation or 
taking it into account) . If the figures correspond then 
the security device 10 is confident it is dealing with the 
correct database centre and will accept reconfiguration 
instructions eg re-setting the real time clock. 

If a correct activation code is not provided to the 
security device 10 on demand at the end of the 
predetermined period it enters an unauthorised use state in 
which the user is restricted to, say, 8 keystrokes per 
minute to input subsequent characters etc. Normally, the 
security device 10 will demand an activation code some time 
prior to the end of the predetermined period of operation 
so that any errors or administrative difficulties can be 
resolved before the enters its unauthorised use state. 
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The PC 2 may automatically seek an authorisation code f 
for instance via direct modem or internet access to an 
authorisation centre, without the user intervening. 

5 

Each PC 2 normally will only have one such security 
device 10, but each such device 10 manufactured has a 
different public key so each one is unique. Thus, 
generally each device 10 will output a different signal 
10 upon receipt of the same input signal. 

The device also provides password verification and can 
be configured to do this with or without the activation 
code. 

15 

In use, the PC 2 is configured to require a password 
before permitting access to certain functions or data. By 
way of example, a word-processing file may be password 
protected. Before permitting access to the file, the PC 
20 Central Processing Unit (CPU) requires confirmation from 
the security device 10 that the correct password has been 
entered. 

Referring to Figures 2A-2C of the drawings that follow, 
25 there is shown in flow diagrams an overview of the 
operation of the present invention. The flow diagrams show 
a system configured to require correct password input for 
operation from power up and when a predetermined time 
period expires . 

30 

Referring now to Figure 2A, from power up 100 the 
security device 10 checks (101) a flag to determine whether 
it is its first power up in which case a configuration set- 
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up is initiated (103). In CONFIGURATION the device is 
allocated its unique public key and the real-time clock is 
initialised. Other features such as its predetermined 
mathematical operation, codes for certain time periods, etc 
5 can be configured or modified at this time. The user does 
not know these. When configuration is finished or 
following the "password tamper count" is checked 102, At 
104 if the tamper count is greater than the default tamper 
count a "LOCKED" message is displayed 106 and the security 
10 device 10 is configured into a "PASSWORD LOCKED WAITING" 
state (see Figure 2B) at 108. 

If at 104 the tamper count is less than or equal to the 
default tamper count a password is requested 110. If at 
15 112 the password is incorrect the tamper count is 
incremented by one 114, If the password is correct the 
security device 10 compares the current real time with the 
time against which activation has been permitted 116. The 
security device 10 also compares the current real time from 

2 0 its own internal clock/counter with the time for which 

authorised use has been permitted each time the PC 2 is 
booked (i.e. typically each time WINDOWS (Registered Trade 
Mark) is initialised. If at 118 the time has expired, the 
security device is configured into the "LOCKED WAITING" 
25 state 120 (see Figure 2C) but if the time has not expired 
the information is passed without interruption (122) . 

Referring to Figure 2B, the "PASSWORD LOCKED WAITING" 
state is now described. In the "PASSWORD LOCKED WAITING" 

3 0 state a keystroke delay facility is enabled. The keystroke 

delay facility only allows one keystroke every eight 
seconds to reach the PC 2 . This ensures that inputs needed 
during boot up, or to enter a password are permitted and 
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predictable, but that the device cannot be used 
practicably. 

In the "PASSWORD LOCKED WAITING" state 108, at 124 the 
user is required to input a command instructing the PC to 
communicate with an authorisation centre- At this stage 
the user can choose manual or automatic communication with 
the authorisation centre. When the command is entered, the 
tamper count is incremented (126), If (128) the tamper 
count has expired the device is locked (130) . If the 
tamper count has not expired, the device is allowed (132) 
to operate for a further 3-4 hours to enable the 
verification procedure to be completed. 

15 The security device first creates and encrypts a random 

(or pseudo- random) number and encrypts it with the embedded 
public key (134) . In 134 W PK" = Public Key and "AC" = 
Activation Code. The encrypted random number is 

transmitted to the authorisation centre which may be 

20 automatic, for instance via a direct modem or the internet, 
or manually, for instance by the user phoning up the 
authorisation centre and entering what they are told via 
the keyboard. If the user communicates manually, further 
security can be implemented such as checking the users pre- 

25 allocated password etc. 

The security device 10 then at 13 6 enters a waiting 
state to receive a data string (138) from the network 
authorisation centre ( w NOC") which its decrypts. If the 
30 received data is verified (140) the "wrong password tamper 
count" is incremented (142) and the device is permitted to 
operate :. for a further period with a new password that is 
notified to the user (144). The input from the 
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authorisation centre includes an activation code and a new 
password encrypted according to the public key of the 
security device 10. If at 140 there is an error, 
indicating perhaps an attempted tampering with the device, 
5 it returns to the "PASSWORD LOCKED WAITING" state and asks 
for a command to be entered. 

The authorisation centre will only provide the security 
device 10 with the necessary authorisation code and new 
10 password if approved. Approval may depend upon payment of 
relevant fees to the authorisation centre, checking whether 
the item of equipment is registered as stolen, or other 
security checks. 

15 Referring to Figure 2C the security device 10 is in the 

"LOCKED WAITING" state 120. As this state is indicative of 
a possible security breach, a higher level of security is 
adopted. 

20 At 146 the security device 10 requires a command to be 

entered instructing it to communicate with the 
authorisation centre via modem (for instance). Upon 
receipt of the command 148, the tamper count is checked 
150. If the tamper count is less than or equal to the 

25 DEFAULT valve the ALLOW TAMPER COUNT counter is incremented 
152 and the device is authorised 154 to operate for 3-4 
hours from then until the user downloads an acceptable 
activation code. Next, or if at 150 the ALLOW TAMPER COUNT 
is greater than the default value, at 156 the security 

30 device 10 creates a random (or pseudo-random) number which 
is encrypted using its public key. The encrypted random 
number is transmitted to the authorisation centre together 
with an identifier of the security device 10 in question. 
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The security device 10 then enters 158 a waiting state 
during which it expects to receive a data string from the 
authorisation centre for activation. The authorisation 
5 centre first checks whether the security device 10 can be 
authorised for a further period, for instance by checking 
whether it has been reported stolen or if any monies due 
are outstanding. If further use can be authorised, the 
authorisation centre (knowing the public key of the 

10 security device 10) decrypts the encrypted random number, 
performs a predetermined mathematical operation upon it (eg 
XOR or multiply) , re -encrypts the result using the same 
public key and transmits the encrypted result with an 
encrypted new authorisation code to the security device 10 

15 as a data string. 

Upon receipt 160 of the encrypted data string, the 
random number is checked 162 (since the security device 10 
knows the predetermined mathematical operation undertaken 
20 by the authorisation centre) and if verified the ALLOW 
TAMPER COUNT is incremented by one 164 and the device is 
authorised (166) for a further 3-4 hours until the user 
downloads a good activation code. 

25 If the data is incorrect, a communication command is 

requested 146 once again. 

Once in normal operation the device 10 uses a counter 
to count up to a predetermined value at which point the 
30 real-time clock is checked against its memory for 
authorisation of a further period. After each check the 
counter is re-set and counts again. Thus, the real-time 
clock is checked periodically against the permitted time of 
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operation to determine if further authorisation is 
required . 

Referring to Figure 3A, once the user has obtained the 
software package and it has been installed, on screen he or 
she is invited to register. Having opted to "Register" 
(180) the security device 10 transmits its identification 
number to the NOC. The user then (182) fills in their 
billing details, activation code period and, optionally, 
their password. At 184 the user is asked to verify their 
selection by selecting either "OK" or "CANCEL" . If 
"CANCEL" is selected then the program is closed (186) . If 
"OK" is selected the password (if any) is checked (188) 
with a pre-stored password. If the password is different 
(190) the system returns to 182. if the password is 
accepted, secure communication is established with the NOC. 
If secure communication cannot be established, a message 
can be displayed to this effect and the system returns to 
(184) . The activation code period, billing details, user 
Global Unique Identifier ("GUID") and, if used, password 
are sent to NOC at 192. If for any reason the connection 
is broken, at 194 the user is informed of this and told to 
re-register at 184. 

Upon receipt of the details from 192 the NOC sends back 
activation code data and a registration password. The 
password must be stored safely in case the machine is 
stolen. The program then displays the user registration 
password (196) received from the NOC. At 198 the 
activation code is passed to the security device 10 which 
check the activation code at 200. If for any reason the 
connection is . broken then at 202 the user is informed that 
the connection was prematurely closed, but that the system 
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should still operate. If a confirmation of success is 
indicated, the user program sends positive confirmation to 
the NOC for a fully registered system (204) and the 
connection is* closed (206) . If the device indicates a fail 
5 on the activation code the user program sends a negative 
confirmation to the NOC which tells the user to re-register 
(208) . 

Referring now to Figure 3B, a flow diagram illustrating 
10 renewal of an activation code is shown. 

At 220 the renewal is initiated either by a user 
clicking on a u RENEW AC" button or the program running 
automatically. At 222 a secure communication is 

15 established with the NOC. At 224 a new AC is requested 
which at 226 is sent by the NOC. The new AC is sent to the 
security device 10 at 228 and if successful (230) confirms 
this to the NOC and closes the connection (232). If 
unsuccessful the user is told to attempt to renew the AC 

20 again (234) and the connection is closed (232) . 

If no link can be established with the NOC at 222, the 
user is told to attempt to renew the activation code again 
at some future time (234) and the attempted connection is 
25 closed (232) . 

: Referring now to Figure 3C, there is shown a flow 
diagram illustrating the capability of the system to change 
a password. 

30 

At 240 the user clicking on an appropriate "button" 
initiates the change of password. The user then (242) 
fills in the new password twice (for validation) and the 
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old password to ensure they are an authorised user. The 
two new passwords are compared and if not identical are 
regarded as invalid at 244, so the system returns to 242. 
If the two new passwords are the same, at 246 the user is 
invited to verify their selection by choosing either "OK" 
or "CANCEL" . If the user selects "CANCEL" then the program 
closes at 248. if the user selects "OK", a secure 
communication link is established with the NOC at 250. If 
no link can be established then the system returns to 246. 
At 252 the change password request with the new and old 
password is sent to the NOC which at 254 returns 
confirmation to the device 10. Upon receipt of 

confirmation, at 256 the device re-confirms receipt at 256 
and the connection is closed (258) . If for any reason the 
connection between the device 10 and NOC is broken, the 
password is not changed (260) and the program closes. 

Referring now to Figure 3D, there is a flow diagram 
showing how a user can change their activation code period. 

Once the user clicks to indicate they wish a period 
change at 270, they are required to fill in their password 
(if one is used) and the new period required at 272. The 
user is then invited to verify their choice by selecting 
either "OK" or "CANCEL" at 274. If "CANCEL" is selected 
the program closes at 276. If "OK" is selected a secure 
communication link is established with the NOC at 278. If 
no link can be established, the system returns to 274. 

Upon a secure communication being established (278) the 
period change request with new activation code period is 
sent to the NOC at 280. The NOC then at 282 sends the new 
activation code back. If for any reason the connection is 
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broken the activation code period is not changed and a try- 
again signal is given at 284. The program then closes 

(276) . Upon receipt of the new activation code, it is 
passed to the security device 10 at 286. The security 
device 10 then checks the activation code. if acceptable 

(success) the user program then sends a positive 
confirmation to the NOC at 290 and the NOC returns a 
confirmation at 292. If at 288 the device returns a fail 
message, negative confirmation is sent to the NOC, the 
activation code is not changed and a try again signal is 
given (294) . After the NOC returns a confirmation, the 
connection is closed at 296. 

Referring now to Figure 3E, a flow diagram is shown 
illustrating how the system can be removed, starting from a 
remove system button at 300. 

The user first fills in their password at (302) 
following which they are requested to verify their choice 
by selecting either "OK" or * CANCEL" (304). If w CANCEL" is 
selected the program closes (306) . If w OK" is selected, a 
secure communication link is established with NOC (308) . 
If no link can be established, the system returns to (304) . 
Upon a secure link being established, the removal request 
is sent to NOC (310) following which the NOC (312) sfends a 
removal command to -the device 10. The removal command is 
passed to the device (10) at 314 which is then checked at 
316 for validity. If the validity check is failed a 
message is given indicating that the isystem hks not been 
removed and inviting the user to try- again (318) and a 
negative confirmation is sent to NOC (320) following which 
the NOC returns a confirmation (322) and the connection is 
closed (324) . If the validity check indicates a success, 
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the user program sends confirmation to the NOC (326), the 
NOC returns a confirmation at (322) and the connection is 
closed at (324). if for any reason the connection with the 
NOC is broken, a message is displayed indicating that the 
system has not been removed and inviting the user to try 
again (328) and the connection is closed (324) . 

Further embodiments of the present invention provide 
the security device 12 before a hard disk or other memory 
device in a PC architecture. 

In this mode, the device encrypts signals input to the 
hard disk or other memory device and decrypts signals 
output from the same. This makes theft of data from the 
hard disk or other memory device harder, especially when 
the mode is combined with the feature described below. We 
refer to this as Auto- Encrypt On Demand Decrypt (AEODD) . 

The device can be placed before any essential integer 
of the PC, such as the hard disk, the CPU, the video card 
etc and configured so that it will only operate upon 
periodic receipt of an authorisation code. When correctly 
activated the device onwards transmits received signals. 
If in an unauthorised use state it can block received 
signals. Alternatively,, in the case of a memory device, 
encryption and decryption can be provided. 

In each case, the provision of the device means that 
unless it, is correctly activated the PC cannot properly be 
used. For instance, in the case of the hard disk option, 
everything that is written to the hard disk is encrypted 
(providing additional security to the data on the disk) 
using the fast encryption algorithm and everything read 
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from it is decrypted by the device. The decryption only 
occurs if the device is activated in an authorised use 
state so if the PC is stolen, then when the permitted time 
period expires no further authorisation can be obtained 
5 (with the assumption that the PC has been reported as 
stolen) , so in effect it will become inoperative. Since 
activation relies on the public key encryption code, it is 
relatively secure. Equally, if the device precedes the CPU 
or video card, if it becomes deactivated, the PC is 
10 inoperative. 

In its unauthorised use state the security device can 
be configured so that it no longer transmits signals, but 
the present invention is not limited to this alternative. 
15 Unauthorised use can also be deterred, for instance, by 
configuring the device to output a useless signal, for 
instance an encrypted version of the input signal. 

Although reference is made herein to a "password" , that 
20 can comprise any signal or combination of signals and need 
not be a "word" at all . 

It will be appreciated by those skilled in the art that 
the device can be located in other positions or, 
25 preferably, incorporated integrally within an essential 
element of the PC. 

In a preferred embodiment of the present invention a 
microprocessor security device is provided with a real-time 
30 clock on a PC motherboard at a : vital point, such : as prior 
to the CPU, the video card, the hard disk etc. When 
correctly activated for authorised use, the device receives 
and outputs received signals. The device remains activated 
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for a predetermined period of time. Upon or just prior to 
expiry of the predetermined period, the device seeks an 
authorisation code that can be input to it in any of the 
known ways. If a correct authorisation code is not 
entered, the device is set to an unauthorised use state and 
no longer properly outputs received signals. Thus a 
periodic authorisation code is required to keep the 
security device, and hence the PC, operational. 

In preferred embodiments, the authorisation code is 
provided in encrypted form and, if desired, a further 
authentication step can be carried out . 

The invention is applicable to any electronic 
apparatus. Although the present invention is described in 
relation to a PC, it will be appreciated that in relation 
to the periodic activation code feature it can find 
application in any electronic apparatus, for instance a 
video camera, lap top computer, mobile telephone etc. 

The reader's attention is directed to all papers 
and documents which are filed concurrently with or previous 
to this specification in connection with this application 
and which are open to public inspection with this 
specification, and the contents of all such papers and 
documents are incorporated herein by reference. 

All of the features disclosed in this specification 
(including any accompanying claims, abstract and drawings), 
and/or all of the steps of any method or process so 
disclosed, may be combined in any combination, except 
combinations where at least some of such features and/or 
steps are mutually exclusive. 
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Each feature disclosed in this specification (including 
any accompanying claims , abstract and drawings) , may be 
replaced by alternative features serving the same, 
5 equivalent or similar purpose, unless expressly stated 
otherwise. Thus, unless expressly stated otherwise, each 
feature disclosed is one example only of a generic series 
of equivalent or similar features . 

10 The invention is not restricted to the details of the 

foregoing embodiment ( s ) . The invention extends to any 
novel one, or any novel combination, of the features 
disclosed in this specification (including any accompanying 
claims, abstract and drawings), or to any novel one, or any 

15 novel combination, of the steps of any method or process so 
disclosed. 
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i. An electronic security device comprising means for 
receiving and outputting signals when in an authorised use 
state, a real time clock for determining whether a 
predetermined real time period has expired and, if so, 



authorisation, and means for configuring the device into an 
unauthorised use state in the event that a correct 
authorisation is not received in time. 

2. An electronic device according to claim 1, in which the 
device is adapted to receive encrypted authorisation codes . 

3. An electronic device according to claim 1 or claim 2, 
in which when in an unauthorised use state the device 
received input signals, encrypts them and outputs the 
encrypted signals. 

4. An electronic device according to claim 1 or claim 2, 
in which the device comprises means whereby when in an 
unauthorised use state, the device reduces the frequency at 
which inputs are transmitted to an input receiver. 

5. An electronic device according to any preceding claim, 
in which the device includes means for generating a random 
(which expression includes pseudo- random) number and means 
for encrypting the random number. 



seeking 



an authorisation, 



means 



for verifying the 



6. An electronic device according to claim 5, in which the 
device includes means for performing a predetermined 
mathematical operation on the random number. 
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7. An electronic device according to claim 5 or claim 6, 
in which the device includes means for encrypting and 
decrypting data. 

5 8. An electronic device according to claim 7, in which the 
encryption is according to a public key algorithm. 

9. An electronic device according to any preceding claim, 
in which the device additionally comprises a means for 

10 periodically checking the real time clock against a 
predetermined time period. 

10. An electronic device according to claim 9, in which the 
periodic checking means comprises a counter which upon 

15 reaching a predetermined number initiates the check and 
means for re-setting the counter. 

11. An electronic device according to any preceding claim, 
in which the device comprises a dedicated power supply. 

20 

12. An electronic device according to claim 11, in which 
the device is embodied in a plug-in module, which plug in 
module suitably comprises a power source such as a battery. 

25 13. An electronic apparatus comprising a security device 
according to any one of claims 1 to 12 . 

14. An electronic apparatus according to claim 13, in which 
the security device is located between an electronic output 
3 0 device and an electronic input device. 



^^^^ 
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15. An electronic apparatus according to claim 14, in which 
when in an unauthorised use state the device reduces the 
frequency at which key presses are transmitted to or within 
the electronic apparatus. 

16 . A digital electronic computer comprising a security 
device according to any one of claims 1 to 12 . 



17. A method of operating an electronic device comprising a 
10 security device which receives output signals when in an 

authorised use state, the method comprising the steps of 
using a real time clock to determine whether a 
predetermined real time period has expired and, if so, 
seeking an authorisation, checking whether the 
15 authorisation is acceptable and configuring the device in 
an unauthorised use state in the event that a correct 
authorisation is not received in time. 

18. A method according to claim 17, in which the 
20 authorisation code is encrypted. 

19. A method according to claim 17 or claim 18, in which 
when in an unauthorised use state the device receives input 
signals, encrypts them and outputs the encrypted signals. 

25 

20. A method according to claim 17 or claim 18, in which 
when in an unauthorised use state, the device reduces the 
frequency at which inputs are transmitted to an input 
receiver . 

30 

21. A method according to any one of claims 17 to 20, in 
which the device generates a random (which expression 
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10 



15 



includes pseudo- random) number and encrypts the random 
number . 

22. A method according to claim 21, in which the device 
performs a predetermined mathematical operation on the 
random number. 

23. A method according to claim 21 or claim 22, in which 
the device encrypts and decrypts data. 

24. A method according to claim 23, in which the encryption 
is according to a public key algorithm. 

25. A method according to claim 23 or claim 24, in which 
the encrypted number is transmitted to a verification 
station which verification station decrypts the encrypted 
number and verifies it against a number previously supplied 
to the electronic device. 

25. An electronic system adapted and configured to operate 
according to any one of claims 17 to 25. 
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1/11-11/11 as originally filed 



2. With regard to the language, all the elements marked above were available or furnished to this Authority in the 
language in which the international application was filed, unless otherwise indicated under this item. 

These elements were available or furnished to this Authority in the following language: , which is: 

□ the language of a translation furnished for the purposes of the international search (under Rule 23.1(b)). 

□ the language of publication of the international application (under Rule 48.3(b)). 

□ the language of a translation furnished for the purposes of international preliminary examination (under Rule 
55.2 and/or 55.3). 

3. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the 
international preliminary examination was carried out on the basis of the sequence listing: 

□ contained in the international application in written form. 

□ filed together with the international application in computer readable form. 

□ furnished subsequently to this Authority in written form. 

□ furnished subsequently to this Authority in computer readable form. 

□ The statement that the subsequently furnished written sequence listing does not go beyond the disclosure in 
the international application as filed has been furnished. 

□ The statement that the information recorded in computer readable form is identical to the written sequence 
listing has been furnished. 

4. The amendments have resulted in the cancellation of: 

□ the description, pages:. 

□ the claims, Nos.: 
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□ the drawings, sheets: 

5. □ This report has been established as if (some of) the amendments had not been made, since they have been 
considered to go beyond the disclosure as filed (Rule 70.2(c)): 

(Any replacement sheet containing such amendments must be referred to under item 1 and annexed to this 
report.) 



6. Additional observations, if necessary: 



V. Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial applicability; 
citations and explanations supporting such statement 

1. Statement 



Novelty (N) 


Yes: 


Claims 


1 -25 (yes) 




No: 


Claims 




Inventive step (IS) 


Yes: 


Claims 






No: 


Claims 


1 -25 (no) 


Industrial applicability (IA) 


Yes: 


Claims 


1 -25 (yes) 




No: 


Claims 





2. Citations and explanations 
see separate sheet 



VII. Certain defects in the international application 

The following defects in the form or contents of the international application have been noted: 
see separate sheet 
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V. Reasoned statement with regard to novelty, inventive step or industrial 
applicability 

1 . The subject-matter of Claims 1 and 17 does not involve an inventive step, and 
therefore does not satisfy the criterion set forth in Article 33(3) PCT. 

2. Reference is made to the following documents: 

D1: DE 195 49 014 C (SIEMENS AG) 20 February 1997 (1997-02-20) 

D2: EP 0 649 080 A (SIEMENS NIXDORF INF SYST) 19 April 1995 (1995-04-19) 

D3: US 4 882 752 A (LINDMAN RICHARD S ET AL) 21 November 1989 (1989- 

11-21) 

D4: US 5 355 414 A (HALE ROBERT P ET AL) 1 1 October 1994 (1994-10-1 1) 
D5: US 5 189 700 A (BLANDFORD ROBERT R) 23 February 1993 (1993-02-23) 

3. Document D1 , which is considered to represent the most relevant state of the art, 
discloses an electronic security device (see in particular column 5, lines 14-27) 
comprising means for receiving and outputting signals when in an authorised use 
state, means for determining whether a real time period has expired and, if so, 
seeking ("Abfrageinformation afi") an authorisation, means for verifying the 
authorisation ("korrekt verschlusselte Antwortinformation ai" in D1) an means for 
configuring the device into an unauthorised use state in the event that a correct 
authorisation is not received in time and D1 also discloses corresponding method. 

Therefore, the subject-matter of Claims 1 and 17 differs from the disclosure of D1 
in that a real time clock is used to determine whether a predetermined time period 
has expired. 

The use of a real time clock to determine the expiration of a predetermined time 
period is merely one of several straightforward possibilities from which the skilled 
person would select, in accordance with circumstances, without the exercise of 
inventive skill. 

For the above reasons, the subject-matter of Claims 1 and 17 does not involve an 
inventive step, and therefore does not satisfy the criterion set forth in Article 33(3) 
PCT. 
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4. Claims 2-16 and 18-25 do not appear to contain any additional features which, in 
combination with the features of any claim to which they refer, involve an inventive 
step because they are either known from the prior art D1 to D5 or they define 
features which are a matter of normal design procedure for the skilled person. 

VII. Certain defects in the international application 

1.1 D2 discloses a terminal comprising a security module which stores security 
information such as a cryptographic key. The security module is connected to a 
central data processor, wherein before a data transfer between the terminal and 
the data processor an authentication procedure has to take place, in which the 
security module sends an encrypted time period to the data processor. If the 
security module does not seek a further authentication after this time period has 
elapsed, the security information in the security module is deleted. 

D3 teaches that one of several unauthorised access modes can be implemented 
when an unauthorized interactive terminal or security control processor (SCP) is 
identified and that the SCPs include means for mathematically operating on data 
by the mathematical function of selected corresponding indexed cipher locations 
so as to encipher data to be transmitted over the transmission path and to 
decipher data received over the data transmission path. 
In, D4 a computer security device for preventing unauthorised access to a 
computer system automatically disables peripheral device access to the computer 
system after the peripheral input devices remain inactive for a predetermined 
period. In order to reenable peripheral device access, to the host computer, a 
user enters a correct password on the keyboard. 

D5 discloses that an authentication code can be produced using a random 
number included in data. 

1 .2 Contrary to the requirements of Rule 5.1 (a)(ii) PCT, the relevant background art 
disclosed in the documents D1 to D5 is not mentioned in the description, nor are 
these documents identified therein. 

2. The features of the claims are not provided with reference signs placed in 
parentheses (Rule 6.2(b) PCT). 
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3. The claims have not been drafted in the two-part form as required by Rule 6.3(b) 
PCT. 
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rfTENT COOPERATION TREATY 1 

PCT 



INTERNATIONAL SEARCH REPORT 

(PCT Article 18 and Rules 43 and 44) 



Applicant's or agent's file reference 

PLB/CC/Q418 


FOR FURTHER 860 Notification of Transmittal of International Search Report 
* (Form PCT/ISA/220) as well as, where applicable, Rem 5 below. 
ACTION 


International application No. 

PCT/GB 99/02671 


International filing date (day/month/year) 

12/08/1999 


(Earliest) Priority Date (day/monlh/ysar) 

20/08/1998 


Applicant 

C0M0D0 TECHNOLOGY DEVELOPMENT LIMITED et al . 



This International Search Report has been prepared by this International Searching Authority and Is transmitted to the applicant 
according to Article 18. A copy Is being transmitted to the International Bureau. 

This International Search Report consists of a total of 3 sheets. 

|X| It Is also accompanied by a copy of each prior art document cited In thte report. 



1 . Basis of the report 

a. With regard to the language, the International search was carried out on the basis of the International application In the 
language In which It was filed, unless otherwise Indicated under this Item. 

I I the International search was carried out on the basis of a translation of the International application furnished to this 
1 Authority (Rule 23.1(b)). 

b. With regard to any nucleotide ancVor amino acid sequence disclosed In the International application, the International search 
was carried out on the basis of the sequence Osttng : 

| | contained In the International application In written form. 

filed together wfth the Intemational application In computer readable form, 
furnished subsequently to this Authority In written form, 
furnished subsequently to this Authority bi computer readble form. 



□ 
□ 
□ 
□ 

□ 



the statement that the subsequently furnished written sequence listing does not go beyond the disclosure In the 
International application as fOed has been furnished. 

the statement that the Inf ormation recorded In computer readable form Is Identical to the written sequence listing has been 
furnished 



2. Q Certain claims were found unsearchable (See Box I), 
a Q Unity of invention is lacking (see Box II). 

4. Wfth regard to the title, 

|X| the text Is approved as submitted by the applicant 

| | the text has been established by this Authority to read as follows: 



5. With regard to the abstract, 

|X| the text Is approved as submitted by the applicant 

□ the text has been established, according to Rule 38.2(b), by this Authority as It appears In Box III. The applicant may, 
within one month from the date of mailing of this International search report, submit comments to this Authority. 



€l The figure of the drawings to be published with the abstract Is Figure No. 
[X| as suggested by the applicant 
| | because the applicant fafled to suggest a figure. 
| | because this figure better characterizes the Invention. 



1 



|~| None of the figures. 



Form PCT/ISA/210 (first sheet) (July 1996) 



\ 



This Page Blank (uspto) 



INTERACTIONAL SEARCH REPORT 



pjonal Application No 

PCT/GB 99/02671 



A. CLASSIFICATION OF SUBJECT MATTER 

IPC 7 G06F1/00 



According to International Patent Classification (IPC) or to both national classification and IPC 



a FIELDS SEARCHED 



Mnfcnum documentation searched (classification system folowed by classification symbols) 

IPC 7 G06F 



Documentation searched other than mfrihrtum docurnentation to the extent that such documents are Included in the fields searched 



Bectronlc data base consulted during the fcrtematton al search (name of data base and. where practical, search terms used) 



a DOCUMENTS CONSIDERED TO BE RELEVANT 



Categwy ° 


Citation of document, with h*Jcation v where appropriate, of the relevant passagee 


Relevant to dafrn No. 
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DE 195 49 014 C (SIEMENS AG) 
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20 February 1997 (1997-02-20) 


14, 






17-19,26 




abstract; figure 1 




claims 1-10 
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9,12 
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19 April 1995 (1995-04-19) 
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the whole document 




-/- 





Further documents are Isted In the contkxiation of box C. 



Patent family members are Isted hi annex. 



' Special categories of cited documents ; 

'A" document deffcilng the general state of the art which Is not 
considered to be of particular relevance 

"E" earilerdocumembutpublsrtedon orafterthe hitemationaJ 
fling date 

°L a document which may throw doubts on priority cJakntoor 
which Is cited to establish the publication date of another 
citation or other special reason (as specified) 
"O" document referring to an oral dsciosure, use, exhfcrtion or 
other means 

"P" document publshed prior to the hrternationaJ flung date but 
later than the priority date claimed 



T later document published after the hTtemational tlkig date 
or priority date and not hi conflct wHh the apptcation but 
cited to understand the pnnclpie or theory underling the 
hivention 

"X" document of particular relevance; the claimed hivention 
cannot be considered novel or cannot be considered to 
frivotve an Inventive step when the document Is taken alone 

°Y" document of particular relevance; the claimed Invention 

cannot be considered to Involve an hiventtve step when the 
document Is combhied wtlli one or more other such docu- 
ments, such oombhriation being obvious to a person sidled 
hi the art 

"&* document member of the same patent famly 
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European Patent Office, P.B. 581 8 Patentiaan 2 
NL-2280HVRIJswlJc 
Tel. (431-70) 340-n2040, Tx. 31 661 epo nl, 
Fax: (431-70) 340-3016 
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